http://www.newsbytes.com/news/02/175343.html

Bummer...

Very interesting...

I bet they were not patched.
Thanks for the post.
Deja

wow bad news for both verisign as well as interland

too bad, i hate companies being hacked, they loss a lot of data if the hacker it cruel :(

According to its Web server banner, the system was running Microsoft's Internet Information Server (IIS) on Windows 2000. The server was operated by Atlanta-based hosting firm Interland under an outsourcing agreement, according to Verisign spokesperson Pat Burns.

Get a real OS..

Originally posted by OKIHost

Get a real OS..

Better not let Mike from RackMY.com hear you say that :).

This isn't exactly a big deal... it sounds like the only sites affected were parked domains anyway. Who really cares if a few thousand parked sites served up an 31337 message for a few hours? It's not as if there were customers regularly visiting those sites.

Originally posted by cperciva
This isn't exactly a big deal... it sounds like the only sites affected were parked domains anyway. Who really cares if a few thousand parked sites served up an 31337 message for a few hours? It's not as if there were customers regularly visiting those sites.

I disagree. Verisign charges 3 times as much for their domains as other registrars, and I believe they also charge extra for domain forwarding. One of the reasons they claim they charge so much, is because of their security. Security is a big aspect of the services they are trying to sell.

What message does it send to their customers, when they cannot even properly secure their own web servers?

Don't get me wrong, I am not expecting this to have a huge impact on Verisign, but it should be a cause for concern for people who are trusting security matters to them.

Originally posted by cperciva
This isn't exactly a big deal... it sounds like the only sites affected were parked domains anyway. Who really cares if a few thousand parked sites served up an 31337 message for a few hours? It's not as if there were customers regularly visiting those sites.
I also disagree... Verisign has been trusted to hold every SSL key in existence. If a 16 year old kid can hack into one of their systems, imagine what a more serious computer terrorist could do. I hope this is Verisign's wake up call and they step up on their security.

I have absolutely no sympathy for Verisign.

Originally posted by mindboggle
I also disagree... Verisign has been trusted to hold every SSL key in existence. If a 16 year old kid can hack into one of their systems, imagine what a more serious computer terrorist could do. I hope this is Verisign's wake up call and they step up on their security.

Last time I bought an SSL certificate, I only had to send them the public key. Having the unsigned or even signed public key of every SSL certificate that they've signed is going to do you little good. IMHO.

This amuses me to no end because I hate NetSol.

However, people need to realize that although verisign owns all of these companies, they are all pretty much run as single units. As stated in the article, the blame lies totally on interland for not securing the server, not NetSol. Now had domain records got screwed up, then you could point fingers at NetSol and their security. Also, to compare NetSol with verisign's security group is obsurd.

-Dan

Originally posted by OKIHost
According to its Web server banner, the system was running Microsoft's Internet Information Server (IIS) on Windows 2000. The server was operated by Atlanta-based hosting firm Interland under an outsourcing agreement, according to Verisign spokesperson Pat Burns.

Get a real OS..

actually it is a real os, hope you do realize that
:rolleyes:

Originally posted by serve-you

As stated in the article, the blame lies totally on interland for not securing the server, not NetSol.


Dan -- I'm sorry, but I have to disagree with this statement. If we were talking about Candie's Flower Shop I would say you are 100% correct. But we're not, we are talking about Network Solutions, the largest registrar on the planet. Network Solutions has enough people on staff that they should be able to ensure that a dedicated server they host sites one, even one managed by another company, is properly secured.

Of course, I agree that Interland is very much at fault as well, but Network Solutions has to take some of the blame for not monitoring the security of their server better. Just as I would hold a web host accountable for not securing a server hosting at RackShack, RackSpace, or any other dedicated server provider.

I don't want to sound like I expect all hosting companies to be hack-proof, because we all know that is not possible. But if someone does hack a server of a host selling space on a dedicated server, people will go to the host looking for answers, because it is the host's responsibility to administer the server. If someone were to post on this board that they were hacked and it is all RackShack's fault -- I would hold them to the same standard and ask why they didn't secure THEIR server properly.

Servers get hacked, it happens, I don't expect them to never get hacked, but they surely should be able to prevent such simple attacks from occuring, and if it does occur, they sure as heck shouldn't blame Interland.

In a true managed hosting environment, the user is not responsible for a single thing on that server other than supplying the content. Sure we can say theoretically that NetSol should have a dept. that handles such, but it could very well be that they don't. I have dealt with some HUGE fortune 500 companies webservers, and the majority of them had ZERO clue when it came to their servers. This is why they pay for managed hosting.

Regardless of whether or not they are a internet related company, if they hired interland to manage their server, it is interland's responsibility to secure their server. You can't compare this to rackshack, because they are not a managed hosting provider, and I would agree that it is the customer's fault for not securing their server in that case.

-Dan

Dan, I don't know how you can so definatively quote the terms of service between Interland and Verisign, so that you are able to determine who is at fault here.

They were hacked. That we know.

Who had the responsibility for securing the server is not known.

It was embarrasing at the least, and may have been a more devistating hack then we know about at this point in time. A server has been compromised. I hope that the only thing resulting from this compromise was an embarrasing web forwarding page. I'm sure Verisign will not tell us any different until someone else discovers any hidden truths here.

-t

I'm not definately quoting their terms. I am however giving NetSol the benefit of doubt on this case, because I seriously doubt that they mangage their own servers. In my expericene, there are very few large coorporations that do. Wheteher they're a technical company or not.

-Dan

Originally posted by voxtreme-matt
I have absolutely no sympathy for Verisign.

Agree.

I am just lucky that a few days ago I registered/parked gotosite.biz with GoDaddy instead of Network Soloutions

Ubbdev was hacked sometime ago.
And now Versign.
Who's next?

heh, hackers hackers...

I find myself in tears after hearing this awful news about these two fine upstanding industry leaders.

Tears of joy, that is.

Interesting article, and entertaining. I hate Verisign and Interland, evil evil companies. But that website is annoying, I got one of those full-browser flash ads. :puke: